The good news? Square Enix Members users' login and credit card info is probably safe. The bad news? Their names, phone numbers, and email addresses may have been stolen by hackers.
Two days ago, Square Enix revealed that it had been victim of what may have been a fairly substantial data theft. The company publicly admitted that it had detected some "unauthorized access" on its Square Enix Members servers and subsequently shut everything down while it conducted an internal investigation. Exactly what information, if any, had been taken wasn't clear. Now the damage has been assessed and it's not pretty: According to a company spokesperson, the information for up to 1.8 million accounts may have been stolen.
Exactly how many servers were breached hasn't been determined. That said, it was determined that the hackers hit servers in Japan and North America (which hold data of one million and 800,000 customers, respectively). The servers in Europe, which have the personal information for 300,000 members, weren't hit.
Though it's suspected that the compromised information includes things like customer names, phone numbers and e-mails, the publisher is claiming that login information wasn't accessed. Nor, Square Enix maintains, was any credit card info.
Square Enix, following these discoveries, has updated the message on its Square Enix Members website:
As a result of our continuing investigation into the unauthorized intrusion reported yesterday, Square Enix has now determined that user login credentials were not accessed. Moreover, we have not found evidence that the individual was able to access any personal information at all.
We will be sending an email to all Square Enix Members advising that an incident took place. This email will not be requesting any action from you.
We have reported this incident to the Japanese Government.
Because we have decided to conduct a broader internal investigation, it will take a few more days before we make the Square Enix Members service available once again. We deeply regret the inconvenience this may have caused our customers and fans, and appreciate your patience.
While members of the service can't be happy that some of their personal information is possibly in the hands of hackers, the situation could be a lot worse. Since, at the moment, Square Enix can't fully confirm or deny what (if any) info the hackers were able to make off with, users are still left wondering just how worried they should be about their online security. Hopefully Square Enix can confirm within the next few days that nothing was actually extracted from the servers.
This is the second time that Square Enix has been hacked this year: Back in May, hackers broke into Eidosmontreal.com and stole several hundred résumés and thousands of email addresses on file.